JOIN USAir India server hacked, details of 45 lakh passengers leaked
Personal data of around 45 lakh passengers were hacked in a major cyberattack on Air India's data processor of passenger service system, handled by technology provider SITA.
The airline said that the breach involved the personal data of passengers (name, contact, passport information, ticket information, credit card details) who registered between August 26, 2011, and February 20, 2021, Air India said in a statement. The airline clarified that the CVV/CVC information of the credit card holders was not stored with SITA PSS, suggesting that this data was not compromised.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," read a statement released by Air India.
The airline said an investigation has been launched in the data security incident and the compromised servers have been secured. Besides, external specialists on data security incidents have been engaged and the company has reached out to credit card issuers to notify them about the data breach.
Air India said it had also begun resetting passwords of the frequent flyer programme.
“Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers,” the airline said.
The national carrier said it received the first notification regarding the data breach on February 25, and the identity of the affected data subjects was shared by the data processor on March 25 and April 5.
“The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” the statement further said.
The airline also requested passengers to change the passwords to their accounts on the Air India website and wherever else applicable.